[Openswan dev] IPSECPOLICY flag in Makefile.inc
Michael Richardson
mcr at sandelman.ottawa.on.ca
Fri Jul 2 17:44:31 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Herbert" == Herbert Xu <herbert at gondor.apana.org.au> writes:
>> eventually c) ask that a new connection be secure
Herbert> This bit can already be done with 26sec, at least with
Herbert> racoon.
(Please recall that I spent 4 years working with KAME before being
hired onto the FreeS/WAN team. I worked on the NRL and Sun code that
the RFCs that KAME was based upon were based upon.)
Actually, 26sec and racoon can not do what is proposed.
You can say, "I want this secure", and you can say "I want to form a
tunnel with FOO", but you can not specify what the identity of the
remote system is supposed to be.
The sockopt interface is pretty limited.
- --
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQOXJLYqHRg3pndX9AQFK6AP+IdBS5vczvSnTgjmJj+jdD2sf0+JjC7Uk
H2eOFj2UebBYv/jUQQXvUPKSTxHfG2VOjB9mPH2QPLxxzxNWogp4hQ+y/ZdGqZqP
XsE+G5adauvNI/o0ZzNi16RNJhh/UTBfhJDAksfU9YlkhiStN0BHhyB0F+unbgN/
1/qNrz9XTfc=
=JB75
-----END PGP SIGNATURE-----
More information about the Dev
mailing list